[Info-vax] Python for x86?
Arne Vajhøj
arne at vajhoej.dk
Mon Apr 17 21:43:03 EDT 2023
On 4/17/2023 3:14 PM, Dave Froble wrote:
> On 4/17/2023 3:00 PM, Scott Dorsey wrote:
>> 25 years ago, those skilled domain knowledge experts would be sitting down
>> with a programmer and telling the programmer what they wanted, and the
>> programmer would be saying things like "Would it be okay if we did it in
>> THIS order because it would be faster?" and things like "If this value is
>> zero, it's not going to work, so will this ever be zero?" There would be
>> a team with the programmer and the subject matter expert.
>
> This is most of the problem. The hackers, Ok, SME, don't consider
> anything except what they want to do.
>
> Another simple example. A third party accepts and stores credit card
> information, so vendors don't have to. Some web designer didn't know
> how to query if the credit card info was already on file, so he just
> created a new credit card entry for every usage. No problem for him.
> But, when a capable person did an inquiry to see if the card was already
> on file, back came thousands of the same CC #. Caused real problems,
> but not for the hacker.
Obviously a disastrous design/implementation.
But usually it is the SME's problem if business rules are
not properly implemented.
Arne
PS: Having the credit card information even transiently should be
sufficient to trigger PCI-DSS compliance requirements even
if it is persisted elsewhere.
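The "is this card already on file?" check that the web designer in Dave's anecdote skipped, as an added example that is not part of any post in this thread. It contrasts the insert-a-row-per-use pattern with a lookup-or-insert keyed on a per-card token, backed by a UNIQUE constraint so the database refuses duplicates even if two requests race. The schema, the customer id, the test PAN and the token key are all constructed for the example; the token is an HMAC-SHA256 of the PAN under a server-side key (hypothetical value here) so the raw PAN is never stored, only touched transiently, which, as Arne's PS says, still puts the code in PCI-DSS scope.

```python
import hashlib
import hmac
import sqlite3

# Constructed example key. A real deployment would keep this in an HSM/KMS,
# never in source; an unkeyed hash of a PAN is brute-forceable.
TOKEN_KEY = b"example-only-do-not-use-in-production"


def card_token(pan: str) -> str:
    """Keyed HMAC of the PAN: stable per card, so it can serve as the
    'already on file?' lookup key without persisting the PAN itself."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hmac.new(TOKEN_KEY, digits.encode(), hashlib.sha256).hexdigest()


def open_db(with_unique_constraint: bool) -> sqlite3.Connection:
    """In-memory table of cards on file; the UNIQUE constraint is what
    the naive design lacked."""
    conn = sqlite3.connect(":memory:")
    unique = ", UNIQUE (customer, token)" if with_unique_constraint else ""
    conn.execute(
        "CREATE TABLE cards_on_file ("
        "  id INTEGER PRIMARY KEY,"
        "  customer TEXT NOT NULL,"
        "  token TEXT NOT NULL,"
        "  last4 TEXT NOT NULL"
        f"{unique})"
    )
    return conn


def store_card_naive(conn: sqlite3.Connection, customer: str, pan: str) -> int:
    """The pattern described in the thread: a fresh row on every use."""
    cur = conn.execute(
        "INSERT INTO cards_on_file (customer, token, last4) VALUES (?, ?, ?)",
        (customer, card_token(pan), pan[-4:]),
    )
    return cur.lastrowid


def store_card_once(conn: sqlite3.Connection, customer: str, pan: str) -> int:
    """Lookup-or-insert. INSERT OR IGNORE relies on the UNIQUE constraint, so
    a concurrent duplicate insert is dropped by the database rather than by a
    racy SELECT-then-INSERT; the SELECT afterwards returns the surviving id."""
    token = card_token(pan)
    conn.execute(
        "INSERT OR IGNORE INTO cards_on_file (customer, token, last4) "
        "VALUES (?, ?, ?)",
        (customer, token, pan[-4:]),
    )
    row = conn.execute(
        "SELECT id FROM cards_on_file WHERE customer = ? AND token = ?",
        (customer, token),
    ).fetchone()
    return row[0]


def rows_for(conn: sqlite3.Connection, customer: str, pan: str) -> int:
    """The inquiry that 'came back with thousands of the same CC #'."""
    return conn.execute(
        "SELECT COUNT(*) FROM cards_on_file WHERE customer = ? AND token = ?",
        (customer, card_token(pan)),
    ).fetchone()[0]


def demo(uses: int = 1000) -> tuple[int, int, int]:
    """Run the same card through both designs `uses` times.
    Returns (rows in naive table, rows in deduplicated table, distinct ids
    handed back by the deduplicated store)."""
    pan = "4111 1111 1111 1111"  # constructed test PAN, not a real card
    customer = "cust-42"          # constructed customer id

    naive = open_db(with_unique_constraint=False)
    for _ in range(uses):
        store_card_naive(naive, customer, pan)

    deduped = open_db(with_unique_constraint=True)
    ids = {store_card_once(deduped, customer, pan) for _ in range(uses)}

    return rows_for(naive, customer, pan), rows_for(deduped, customer, pan), len(ids)


if __name__ == "__main__":
    print(demo())
```

The naive table ends up with one row per use; the deduplicated one has a single row and hands back the same id every time. The constraint is the part that matters: an application-level check alone can still be raced, whereas the database will not admit a second (customer, token) pair no matter how the application code is written.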